AIOPS

AIOPS

Concepts
XDR (Extended Detection and Response): correlates the network, endpoint and cloud layers together
EDR (Endpoint Detection and Response): focuses on threats and response at the endpoint layer
NDR (Network Detection and Response): focuses on threats and response at the network layer
SIEM (Security Information and Event Management): Splunk, Elastic SIEM, LogRhythm
DXL (Data Exchange Layer): a protocol for communication between security products
SOC (Security Operations Center)
IDS (Intrusion Detection System)
  HIDS (Host-Based Intrusion Detection System)
    FIM (File Integrity Monitoring)
  NIDS (Network-Based IDS)
  Signature-based IDS (Knowledge-based IDS)
  Anomaly-based IDS
NTA (Network Traffic Analysis)
DLP (Data Loss Prevention)
  EDLP (Endpoint-based DLP)
  NDLP (Network-based DLP)
NAC (Network Access Control): network admission control, ensuring that only devices meeting policy can join the network

Projects
OpenDXL, OpenXDR, OpenEDR, OpenSOC, Graylog, OSSIM, Security Onion, Apache Metron
IDS: Snort, Suricata, Wazuh (Rules Syntax), OSSEC (Log monitoring/analysis), Zeek (Bro), Samhain
Labs: OpenDLP, Sigma, OpenSearch - Using Security Analysis, OpenSearch Neural Search Plugin Tutorial, MSTIC: msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks

Anomaly Detection
Log-based
  Log Parser: Github - logpai - Drain3; Github - logpai - Logparser
  Projects: Github - Log-based Anomaly Detection with Deep Learning: How Far Are We?; Github - logpai - loglizer
  Researchers: Chongqing University - Hongyu Zhang; Microsoft Research Asia - Shaohan Huang
  References: Github - Anomaly Detection Learning Resources; Github - Awesome Log Analysis; Github - AIOps handbook
Machine Learning Libraries: Github - PyOD
Time series Libraries: Github - tslearn
DLP: Document Classification Articles ...
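The log-parser step listed above (Drain3, Logparser) is what turns raw lines into templates that loglizer-style detectors can count. The following is an added example, written for this page and not code from the logpai projects: a simplified Drain-style template miner (bucket by token count and first token, merge into the most similar template, wildcard the differing positions) plus the simplest anomaly rule, flagging templates that occur rarely. The log lines, the similarity threshold of 0.5 and the masks for IPs, hex and numbers are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (made up for this example, not from a real host),
# in the style of an SSH authentication log.
LOG_LINES = [
    "Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Accepted publickey for bob from 10.0.0.7 port 51240 ssh2",
    "Accepted publickey for alice from 10.0.0.5 port 51301 ssh2",
    "Disconnected from user alice 10.0.0.5 port 51234",
    "Disconnected from user bob 10.0.0.7 port 51240",
    "Accepted publickey for carol from 10.0.0.9 port 51555 ssh2",
    "Disconnected from user alice 10.0.0.5 port 51301",
    "Failed password for invalid user admin from 203.0.113.44 port 40022 ssh2",
    "Disconnected from user carol 10.0.0.9 port 51555",
]

# Pre-masking of obvious variables so that they do not fragment templates
# (assumed masks chosen for this example; Drain3 has its own configurable list).
MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]


def preprocess(line: str) -> list:
    """Mask variable fields, then split into tokens."""
    for pattern, token in MASKS:
        line = pattern.sub(token, line)
    return line.split()


class TemplateMiner:
    """Simplified Drain-style miner: lines are bucketed by (token count, first
    token), then merged into the most similar template in that bucket when the
    share of identical tokens reaches sim_threshold; differing positions become
    the wildcard <*>. Otherwise the line starts a new template."""

    def __init__(self, sim_threshold: float = 0.5):
        self.sim_threshold = sim_threshold
        self.templates = []                 # template id -> list of tokens
        self.buckets = defaultdict(list)    # (token count, first token) -> template ids
        self.counts = defaultdict(int)      # template id -> number of lines matched

    def add(self, line: str) -> int:
        """Assign the line to a template (creating one if needed); return its id."""
        tokens = preprocess(line)
        if not tokens:
            raise ValueError("empty log line")
        key = (len(tokens), tokens[0])
        best_id, best_sim = None, 0.0
        for tid in self.buckets[key]:
            same = sum(a == b for a, b in zip(self.templates[tid], tokens))
            sim = same / len(tokens)
            if sim > best_sim:
                best_id, best_sim = tid, sim
        if best_id is None or best_sim < self.sim_threshold:
            self.templates.append(list(tokens))
            best_id = len(self.templates) - 1
            self.buckets[key].append(best_id)
        else:
            template = self.templates[best_id]
            for i, tok in enumerate(tokens):
                if template[i] != tok:
                    template[i] = "<*>"
        self.counts[best_id] += 1
        return best_id

    def template(self, tid: int) -> str:
        return " ".join(self.templates[tid])


def rare_templates(miner: TemplateMiner, max_count: int = 1) -> list:
    """Frequency-based anomaly rule: templates seen at most max_count times."""
    return [miner.template(tid) for tid, c in miner.counts.items() if c <= max_count]


def analyze(lines: list, max_count: int = 1) -> list:
    """Mine templates from all non-empty lines and return the rare ones."""
    miner = TemplateMiner()
    for line in lines:
        if line.strip():
            miner.add(line)
    return rare_templates(miner, max_count)


if __name__ == "__main__":
    for tmpl in analyze(LOG_LINES):
        print("rare template:", tmpl)
```

On the sample, the accepted-login and disconnect lines collapse into two templates with the user name wildcarded, and the single failed-password line for an invalid user is the only rare template. Counting per template is the feature loglizer-style detectors consume; the masking step matters because without it every distinct port number would become its own "template".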

January 1, 2000

Docker

Docker Command

Login
  docker login

Inspect
  # version
  docker version
  docker info
  # system information
  docker system info
  # ps
  docker ps
  # inspect a container
  docker inspect container_name/container_id
  # container logs
  docker logs container_name/container_id
  # last 10 log lines, and keep following
  docker logs --tail 10 -f container_name/container_id
  # port mappings of a container
  docker port container_name
  # resource usage of running containers
  docker stats

Images
  # search images
  docker search python
  # list images
  docker image ls
  # download image
  docker pull python:latest
  # commit a container as an image
  docker commit -m "comment" -a "author" container_id my_hub/my_image:tag
  # push image
  docker login
  docker tag my_image my_hub/my_image
  docker push my_hub/my_image
  # remove image
  docker rmi my_image:tag
  docker image prune
  # save image
  docker save -o my_image.tar my_hub/my_image
  # load image
  docker load --input my_image.tar

Build
  docker image build ...

January 1, 2000

Git

Git

Configuration
  git config --global user.name "your_username"
  git config --global user.email "your_email"
  git config -l    # list all settings

Initialize
  git init git-demo    # initialize the given directory
  git init             # initialize the current directory

Status
  git status
  git status -s    # short format:
                   #   ?? file   untracked
                   #   A  file   added to the index
                   #    M file   modified in the working tree, not staged
                   #   M  file   modified and staged

Identifiers
  SHA-1 id: f1dfde5930bb26b7e94738481aca2bad6fc74b39; an unambiguous prefix of at least 4 characters can be used instead
  HEAD: the latest revision of the current branch
  HEAD^n: when HEAD (or the given id) is a merge commit, its n-th parent revision
  HEAD~m: the m-th ancestor revision, following first parents
  HEAD^n~m: the m-th ancestor of the n-th parent
  HEAD@{k}: the revision HEAD pointed at k operations ago (reflog)
  branch reference: the last revision of that branch

History
  git log
  git log --graph
  git --no-pager log               # write to stdout without a pager
  git log --oneline                # one line per commit
  git log HEAD -3                  # the 3 most recent commits; -3 limits output to 3 commits
  git log e85fe7 -3                # the 3 commits ending at e85fe7
  git log --abbrev-commit --pretty=oneline    # single-line display with abbreviated ids
  git log --pretty=format:'%s'     # commit subjects only
  # aliases
  git config --global alias.hist 'log --pretty=format:"%h %ad | %s%d [%an]" --date=short'
  git hist
  git config --global alias.graph 'log --graph'
  git graph
  git config --global alias.mist 'log --pretty=format:"%s"'
  git mist

Show a commit
  git show e85fe7    # the revision e85fe7
  # HEAD: the current revision, same as HEAD~0
  # HEAD~1: one revision back
  # HEAD~2: two revisions back
  git show HEAD~2

Diff
  git diff
  git diff --name-only    # file names only
  git diff --stat         # summary statistics
  git diff HEAD~1 HEAD file1    # changes to file1 between the previous revision and the current one

difftool
  Add the following configuration to ~/.gitconfig ...
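The identifier rules above (SHA-1 object ids, 4+ character abbreviations, ^n versus ~m) are easy to get wrong on merge commits. As an added example, not code from the page or from git itself, the script below builds a constructed toy history of six commits (A, B, C, F, a merge M and D as HEAD), assigns each commit the same SHA-1 git would compute for an object with that body, and resolves revision expressions the way git rev-parse does; the commit bodies are minimal (parents plus message, no tree or author lines) and HEAD@{k} is not modelled.

```python
import hashlib
import re

# Constructed toy history (hypothetical, not a real repository):
#
#   A <- B <- C <- M <- D      D is HEAD; M is a merge whose first parent is C
#          \       /           and whose second parent is F
#           -- F --
COMMITS = {}   # object id -> list of parent object ids, first parent first
REFS = {}      # ref name -> object id


def git_object_id(obj_type: str, body: bytes) -> str:
    """SHA-1 id git assigns to an object: sha1("<type> <size>\\0" + body)."""
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def make_commit(message: str, parents: list) -> str:
    """Store a minimal commit object (parent lines + message) and return its id."""
    body = "".join(f"parent {p}\n" for p in parents) + f"\n{message}\n"
    oid = git_object_id("commit", body.encode())
    COMMITS[oid] = list(parents)
    return oid


A = make_commit("A", [])
B = make_commit("B", [A])
C = make_commit("C", [B])
F = make_commit("F", [B])
M = make_commit("M", [C, F])   # merge: M^1 is C, M^2 is F
D = make_commit("D", [M])
REFS["HEAD"] = D
REFS["main"] = D


def resolve_abbrev(prefix: str) -> str:
    """Expand an abbreviated id; git needs at least 4 hex chars and a unique match."""
    if len(prefix) < 4 or not re.fullmatch(r"[0-9a-f]+", prefix):
        raise ValueError(f"bad abbreviation: {prefix!r}")
    matches = [oid for oid in COMMITS if oid.startswith(prefix)]
    if len(matches) != 1:
        raise ValueError(f"{prefix!r} is unknown or ambiguous ({len(matches)} matches)")
    return matches[0]


def resolve(rev: str) -> str:
    """Resolve <base>(^n|~m)*: ^n selects the n-th parent of the current commit,
    ~m follows first parents m times. Raises ValueError when a step is impossible."""
    m = re.fullmatch(r"([^~^]+)((?:[~^]\d*)*)", rev)
    if not m:
        raise ValueError(f"unsupported revision: {rev!r}")
    base, suffix = m.group(1), m.group(2)
    oid = REFS[base] if base in REFS else resolve_abbrev(base)
    for op, num in re.findall(r"([~^])(\d*)", suffix):
        count = int(num) if num else 1
        if op == "^":
            if count == 0:            # rev^0 is rev itself
                continue
            parents = COMMITS[oid]
            if count > len(parents):
                raise ValueError(f"{oid[:7]} has no parent number {count}")
            oid = parents[count - 1]
        else:
            for _ in range(count):    # ~m: first parent, m times
                if not COMMITS[oid]:
                    raise ValueError(f"{oid[:7]} has no ancestor that far back")
                oid = COMMITS[oid][0]
    return oid


def try_resolve(rev: str):
    """Like resolve(), but returns None instead of raising."""
    try:
        return resolve(rev)
    except ValueError:
        return None


if __name__ == "__main__":
    for rev in ("HEAD", "HEAD~1", "HEAD~1^2", "HEAD^^2", "HEAD~1^2~1", D[:7], "HEAD^2"):
        result = try_resolve(rev)
        print(f"{rev:12} -> {result[:7] if result else 'error'}")
```

The point to notice is that HEAD~1^2 and HEAD^^2 both reach F (the second parent of the merge) while HEAD^2 fails, because D itself has only one parent; ~ never leaves the first-parent chain. The same object-id function reproduces git's well-known blob ids, which is why a pinned SHA-1 is a content commitment and an abbreviated prefix is only as unique as the repository happens to make it.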

January 1, 2000

Kubernetes

Kubernetes

Viewing, finding resources
  # Get commands with basic output
  kubectl get services                  # List all services in the namespace
  kubectl get pods --all-namespaces     # List all pods in all namespaces
  kubectl get pods -o wide              # List all pods in the current namespace, with more details
  kubectl get deployment my-dep         # List a particular deployment
  kubectl get pods                      # List all pods in the namespace
  kubectl get pod my-pod -o yaml        # Get a pod's YAML
  # Describe commands with verbose output
  kubectl describe nodes my-node
  kubectl describe pods my-pod
  # print logs
  kubectl logs my-pod

Creating objects
  kubectl apply -f ./my-manifest.yaml            # create resource(s)
  kubectl apply -f ./my1.yaml -f ./my2.yaml      # create from multiple files
  kubectl apply -f ./dir                         # create resource(s) in all manifest files in dir
  kubectl apply -f https://git.io/vPieo          # create resource(s) from url
  kubectl create deployment nginx --image=nginx  # start a single instance of nginx
  # create a Job which prints "Hello World"
  kubectl create job hello --image=busybox -- echo "Hello World"
  # create a CronJob that prints "Hello World" every minute
  kubectl create cronjob hello --image=busybox --schedule="*/1 * * * *" -- echo "Hello World"

Template files
  kubectl explain pod prints a detailed description of every field the Pod resource supports ...

January 1, 2000

Make

Make

  bin2hex: bin2hex.c
  	gcc -Wall -Werror -o bin2hex bin2hex.c

  .PHONY: clean
  clean:
  	rm bin2hex

  (recipe lines must be indented with a tab, not spaces)

Arguments
  makefile:
    target:
    	echo argument is $(argument)
  command (a variable given on the command line overrides the makefile; prints "argument is bar"):
    make argument=bar target

January 1, 2000

Monitoring

Monitoring

InfluxDB
Documentation
  Official docs: Get started with InfluxDB
  Image configuration: influxdb Docker Official Images
  Function reference: Prometheus mathematical foundations (Prometheus数学理论基础)

Install
  # docker
  docker run \
    --name influxdb \
    -p 8086:8086 \
    -v $PWD/config.yml:/etc/influxdb2/config.yml \
    -v /data/influxdb:/var/lib/influxdb2 \
    influxdb:2.2.0

Setup
  docker exec influxdb influx setup \
    --username {username} \
    --password {password} \
    --org {org} \
    --bucket default \
    --retention 8760h \
    --force    # skip the interactive confirmation

Query
  from(bucket:"example-bucket")
    |> range(start: -15m)
    |> filter(fn: (r) =>
      r._measurement == "cpu" and
      r._field == "usage_system" and
      r.cpu == "cpu-total"
    )

Prometheus
Documentation
  Official docs: GETTING STARTED
Install Node Exporter
  Install Node Exporter on each machine to be monitored ...

January 1, 2000

Workflow

n8n

Install: Self-hosting n8n
  docker volume create n8n_data
  docker run -d \
    --name n8n \
    --network host \
    -v n8n_data:/home/node/.n8n \
    -e TZ="Asia/Shanghai" \
    -e N8N_SECURE_COOKIE=false \
    docker.n8n.io/n8nio/n8n
  N8N_SECURE_COOKIE=false drops the Secure flag from the session cookie so the UI works over plain HTTP; with --network host the service listens on every host interface, so keep this combination for localhost or a trusted network only and put TLS in front otherwise.

Triggers: Manual, Form

Action: Send Email
  Gmail SMTP configuration:
    User: <your_email>@gmail.com
    Password: create an app password at https://myaccount.google.com/u/3/apppasswords
    Host: smtp.gmail.com
    Port: 465
    SSL/TLS: true

Code
  Python: cannot send HTTP requests; cannot access the filesystem; cannot install third-party packages, only the packages bundled with Pyodide are available

windmill: Github - windmill

Prefect: Github - Prefect

January 1, 2000